Is there a way to get the

<http://awsx.lb|awsx.lb>.ApplicationListener

resource to not create security group rules? Even when I specifically pass a security group, it still adds additional rules to that SG to allow all traffic to the specified port. I'm trying to lock down the endpoint to specific CIDR blocks for now. I'll post code and pulumi output in the thread

You can't do it natively with awsx, you can either: - use a transform to modify the security group/omit it: https://www.pulumi.com/docs/intro/concepts/resources/#transformations - manually add your ApplicationListener with the aws library buiilding blocks

okay gotcha, thanks @billowy-army-68599. That gives me a way forward 👍